A2SHE: An anonymous authentication scheme for health emergencies in public venues

Abstract

With the outbreak of health emergencies such as COVID-19 and monkeypox, individuals are required to present their pandemic prevention and control (PPC) credentials when accessing public venues, which raises significant privacy concerns that the data from individuals embedded in the PPC credentials may be leaked maliciously. While previous studies have proposed privacy-preserving solutions, they come with their own set of challenges. Specifically, none can simultaneously meet the requirements of non-transferability for the information in authentication and privacy protection for personal identities. Moreover, the existing membership management mechanisms adopted by revocable solutions entail additional computational costs for both users and verifiers. Therefore, this paper presents an anonymous authentication scheme for health emergencies in public venues (A²SHE, for short) to overcome these challenges. A²SHE offers a novel membership management mechanism that supports revocability for invalid users and traceability for patients while considering the trade-off between privacy and performance. A²SHE also introduces a biometric-based key derivation algorithm to prevent the transferability of authentication information. Furthermore, based on the framework of A²SHE and considering the security and privacy requirements for health emergencies in public venues, a concrete construction of A²SHE is presented. The feasibility of the proposed scheme is demonstrated through both of the security and performance analysis. The results show that A²SHE achieves an optimal balance between security and performance that differs from previous schemes, presenting a novel practical approach for access control in public venues.